Use agenix for initial user credential

2023-06-26 12:53:48 -05:00
parent a1f59f6507
commit 55c1521df0
3 changed files with 24 additions and 14 deletions
--- a/flake.nix
+++ b/flake.nix
@ -98,27 +98,26 @@
                users = {
                  sezycei = {
                    isNormalUser = true;
-                    initialPassword = "bootMaster";
+                    passwordFile = config.age.secrets.sezycei.path;
                    extraGroups = [ "wheel" ];
-                    packages = with pkgs; [ byobu tmux stack ];
+                    packages = with pkgs; [ 
+                      byobu 
+                      tmux 
+                      stack 
+                    ];
                  };
                  torrent = {
                    isNormalUser = true;
-                    initialPassword = "torrentUserTemp";
                  };
                };
-
              };

-              age.secrets.keys.file = ./secrets/keys.age;
-
-              #sops = {
-              #  age = { sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; };
-              #  defaultSopsFile = ./secrets/keys.yaml;
-              #  secrets = {
-              #    hostname = { };
-              #  };
-              #};
+              age = {
+                secrets = {
+                  keys.file = ./secrets/keys.age;
+                  sezycei.file = ./secrets/sezycei.age;
+                };
+              };

              system.stateVersion = "22.11";
            })
--- a/secrets.nix
+++ b/secrets.nix
@ -1,7 +1,9 @@
 let
  james = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7R6FstqVDjVuyKGEUmWolYJ/I/DDxYOQV/zKPkiAth james@eversole.co";
  eve-psr-nix0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMyaPYK0HcKAjrD1g+FPqPEU9FJ0I6+iKYmQlWKE0zHp root@matri.cx";
+  all = [ james eve-psr-nix0 ];
 in
 {
-  "secrets/keys.age".publicKeys = [ james eve-psr-nix0 ];
+  "secrets/keys.age".publicKeys = all;
+  "secrets/sezycei.age".publicKeys = all;
 }
--- a/secrets/sezycei.age
+++ b/secrets/sezycei.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 dQ70Fw 3IuGJg1Bmbdhx4+4WV+EaEpQ0795MDG2QKHnQA02M0Q
+qQgBpM1lKO3LCogVfDpN+EoCjYN6xsAezcoEOR/RsXw
+-> ssh-ed25519 ZIoeGg vF5+NjxMu0PjaRpTHYEQ8yodaV4JB7kVby8q9e53S3A
+fnloGnvaQrBtJ+JTTczxqikpbhG2RrDNTTAyCgnTkLo
+-> 46"=M-grease )Ek`P B?bmJPNj B^(u_8 TrBLv
+6JtU+tKd6pFfvzg5svdM
+--- PiP0DrBQUbngSItXfNh1FJVNFUXKlnVnN7nASKntfFg
+.<05><>g<EFBFBD><67>K<><4B><EFBFBD>-<2D>T<EFBFBD><07>k<EFBFBD><6B>&<26><><EFBFBD>>[Q<><51>ì<EFBFBD><C3AC>\<5C><> <20><EFBFBD>k<>